CN102215109A - Method for dynamically storing and validating digital evidences based on computer forensics - Google Patents


Publication number
CN102215109A
Authority
CN
China
Prior art keywords
data
signature
cryptographic hash
evidence
information
Prior art date
Legal status
Pending
Application number
CN2011101445189A
Other languages
Chinese (zh)
Inventor
张亚平
卜莉娜
曹静
李罡
Current Assignee
Tianjin University
Original Assignee
Tianjin University
Priority date
Filing date
Publication date
Application filed by Tianjin University
Priority to CN2011101445189A
Publication of CN102215109A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the field of digital information management in computer networks and discloses a method for dynamically storing and validating digital evidence based on computer forensics. After the client collects forensic information, it applies a consistency encryption operation to the collected information in chronological order and stores it in serialized form, which realizes dynamic storage of the forensic information. In a dynamic forensics system operating in client/server mode, the server performs a consistency check on the forensic information it receives. Compared with the prior art, the method can avoid malicious damage by intruders, so that the forensic information investigated afterwards is objective and authentic, complies with legal requirements, and has the features required of lawful evidence.

Description

Method for dynamically storing and validating digital evidence based on computer forensics
Technical field
The present invention relates to the field of digital information management in computer networks, and in particular to the security management of computer evidence.
Background art
In recent years computer network crime has become increasingly rampant and is now a matter of general international concern. Collecting evidence of the offender's crime, that is, electronic evidence, has become the key to combating computer network crime. Computer forensics has therefore received increasing attention and has become a research focus in the field of computer network security.
Computer forensics is the acquisition, preservation, analysis and presentation of evidence of computer crime, and covers two kinds of evidence: physical evidence and digital evidence. Physical evidence means that lawful investigators go to the scene of the computer crime or intrusion and search for and seize the relevant computer hardware. Digital evidence means electronic evidence, found in raw data (files, logs and so on), that proves a specific criminal act. Like other legal evidence, this electronic evidence must be authentic and lawful.
In general, protecting physical evidence is relatively easy. Electronic evidence is easy to modify and easy to delete, which makes protecting it difficult. If electronic evidence changes at any point between the moment it is produced and the moment it is handed to the lawful investigators, it loses its legal validity. How to preserve electronic evidence, and how to guarantee that the evidence submitted is fully consistent with the original electronic information, therefore becomes very important.
At present, theoretical work in this field at home and abroad is mostly follow-up research with few original ideas, and many results stop at one uniform pattern: the machine under investigation, the forensics machine and the analysis machine. This research pattern almost copies the framework of an intrusion detection system and does not reflect the specific goals of intrusion forensics. It also inherits some security defects of intrusion detection systems: weak self-protection, high false-negative and false-positive rates, heavy resource consumption, and retained evidence that has no strict legal effect and is easily tampered with. In contrast to the progress of theoretical research, many forensic software tools have appeared, such as TCT (The Coroner's Toolkit) and EnCase. The emphasis of these tools, however, is on how to recover deleted files and how to extract evidence from file information after the fact. As forms of network intrusion diversify and anti-forensic techniques appear, their practicality will be greatly restricted. Moreover, once data containing intrusion information is deleted or maliciously tampered with before it is submitted, it loses its legal validity.
Summary of the invention
In view of the above prior art, the present invention proposes a method for dynamically storing and validating digital evidence based on computer forensics. Possible evidence of crime is protected in real time during the first two stages of the overall intrusion process (before the intrusion and during the intrusion): possible evidence produced in the protected computer system is processed in real time and stored securely, then passed to the server, which performs a consistency check on the information it receives. This protects the originality of the evidence of computer crime.
The invention proposes a method for dynamically storing digital evidence based on computer forensics. After the client collects forensic information, it applies a consistency encryption operation to the collected information in chronological order and stores it in serialized form, realizing dynamic storage of the forensic information. The method comprises the following steps:
Let SK be the private key of the client (the information sender) and E the encryption function. After the 1st forensic data record $m_1$ is obtained, compute its hash $h_1 = H(m_1)$, encrypt that hash with the private key, $n_1 = E_{SK}(h_1)$, to produce the signature $n_1$ of $m_1$, store $n_1$ temporarily in a safe area, and save the data and its signature as $m_1 \| n_1$ for sending back to the server;
In the same way, after the 2nd forensic data record $m_2$ is obtained, compute its hash $h_2 = H(m_2)$, encrypt that hash with the sender's private key, $n_2 = E_{SK}(h_2)$, to produce the signature $n_2$ of $m_2$, and take out the signature $n_1$ of $m_1$. Save the data $m_2$, its signature $n_2$ and the signature $n_1$ of the previous data $m_1$ as $m_2 \| n_2 \| n_1$ for sending back to the server, and overwrite the previous signature $n_1$ with the current signature $n_2$;
And so on: after the i-th data record $m_i$ is obtained, compute $h_i = H(m_i)$ and $n_i = E_{SK}(h_i)$ to produce the signature $n_i$ of $m_i$, and take out the signature $n_{i-1}$ of $m_{i-1}$. Save the data $m_i$, its signature $n_i$ and the signature $n_{i-1}$ of the previous data $m_{i-1}$ as $m_i \| n_i \| n_{i-1}$ for sending back to the server, and overwrite the signature $n_{i-1}$ of the previous data $m_{i-1}$ with the current signature $n_i$.
The invention also proposes a method for verifying digital evidence based on computer forensics. In a dynamic forensics system operating in client/server mode, the server performs a consistency check on the forensic information it receives. The method comprises the following steps:
Let PK be the public key of the client (the information sender), held at the server side, and D the decryption function. After the recipient receives the 1st forensic data record and its signature, $m_1 \| n_1$, it computes the first hash $h_1' = H(m_1)$ of the data and decrypts the signature $n_1$, which the sender produced with its private key, as $h_1 = D_{PK}(n_1)$ to obtain the second hash $h_1$ of $m_1$. It saves $h_1$ and compares $h_1$ with $h_1'$; if they are unequal, $m_1$ loses its value;
After receiving $m_2 \| n_2 \| n_1$, which consists of the current data $m_2$, its signature $n_2$ and the signature $n_1$ of the previous data $m_1$, compute $h_2' = H(m_2)$ and $h_2 = D_{PK}(n_2)$ to obtain the first hash $h_2'$ and the second hash $h_2$ of $m_2$. Save the second hash $h_2$ and compare the first hash $h_2'$ with the second hash $h_2$; if they are unequal, $m_2$ loses its value. Then set the first hash $h_1'$ of the first record equal to the second hash $h_1$ of $m_1$ saved in the previous step, compute $h_1 = D_{PK}(n_1)$ from the received $n_1$ to obtain the second hash $h_1$ of $m_1$, and compare $h_1$ with $h_1'$; if they are equal, the current record and the previous record are continuous;
And so on: after receiving the i-th message $m_i \| n_i \| n_{i-1}$, compute $h_i' = H(m_i)$ and $h_i = D_{PK}(n_i)$ to obtain the first hash $h_i'$ and the second hash $h_i$ of $m_i$, and compare $h_i$ with $h_i'$; if they are unequal, $m_i$ loses its value. Then set $h_{i-1}'$ equal to the $h_{i-1}$ saved in the previous step, compute $h_{i-1} = D_{PK}(n_{i-1})$, and compare $h_{i-1}$ with $h_{i-1}'$; if they are equal, the current record and the previous record are continuous.
Compared with prior art, the present invention can avoid invador's malicious sabotage, and the investigation and evidence collection information afterwards that makes has objectivity, authenticity, meets the legal requirements, and possesses the desired feature of lawful evidence.
Description of drawings
Fig. 1 is the flow chart of the dynamic storage of forensic information;
Fig. 2 is the flow chart of the consistency verification of forensic information;
Fig. 3 shows data consistency verification one;
Fig. 4 shows data consistency verification two;
Fig. 5 shows data consistency verification three;
Fig. 6 shows data consistency verification three.
Embodiment
The main purpose of computer forensics is to obtain electronic evidence and to guarantee its authenticity, integrity and continuity. Authenticity of data means that any data was indeed produced by the target device and only by it, and that this cannot be denied. Integrity of data means that any modification of any data record will be detected. Continuity of data means that any insertion or deletion of data records will be detected. The overall process of a computer intrusion can be divided into three stages: before the intrusion, during the intrusion, and after the intrusion. Guaranteeing the security and integrity of evidence of crime in the first two stages is just as important as doing so after the intrusion, yet nearly all computer forensics techniques proposed so far address the collection and protection of evidence after the intrusion.
The embodiments of the present invention are described in detail as follows:
One, dynamic storage of forensic information
This process mainly works as follows: after the client collects forensic information, it promptly applies a consistency encryption operation to the collected information in chronological order and stores it in serialized form, so that the forensic information cannot be maliciously damaged by the offender.
To guarantee the authenticity, integrity and continuity of the forensic information, as soon as each data record is obtained, the signature of that record and the signature of the record before it are attached to it. In this way every record carries the signature of the one before it, which guarantees the continuity of the forensic information. Let the i-th data record be $m_i$. The dynamic storage flow of the invention is shown in Fig. 1 and comprises the following steps:
1. Let SK be the private key of the client (the information sender), E the encryption function and H a one-way hash function. After the 1st forensic data record is obtained, compute the hash of the data $m_1$ as $h_1 = H(m_1)$, encrypt that hash with the private key, $n_1 = E_{SK}(h_1)$, to produce the signature $n_1$ of the 1st record $m_1$, store $n_1$ temporarily in a safe area, and save the data and its signature $m_1 \| n_1$ for sending back to the server;
2. In the same way, after the 2nd forensic data record is obtained, compute the hash of the data $m_2$ as $h_2 = H(m_2)$, encrypt that hash with the sender's private key, $n_2 = E_{SK}(h_2)$, to produce the signature $n_2$ of the 2nd record $m_2$, and take out $n_1$. Save the current data, its signature and the previous record's signature, $m_2 \| n_2 \| n_1$, for sending back to the server, and overwrite the previous signature $n_1$ with the current signature $n_2$;
3. And so on: after the i-th data record, compute $h_i = H(m_i)$ and $n_i = E_{SK}(h_i)$ to sign $m_i$, take out $n_{i-1}$, save $m_i \| n_i \| n_{i-1}$ for sending back to the server, and overwrite $n_{i-1}$ with $n_i$.
Two, consistency check of forensic information
In a dynamic forensics system operating in client/server mode, the server performs a consistency check on the forensic information it receives. The flow is shown in Fig. 2 and comprises the following steps:
1. Let PK be the public key of the client (the information sender), held at the server side, and D the decryption function. After the recipient (client) receives the first forensic data record and its signature, $m_1 \| n_1$, it computes the first hash $h_1' = H(m_1)$ of the data $m_1$ and decrypts the signature $n_1$, which the sender produced with its private key, as $h_1 = D_{PK}(n_1)$ to obtain the second hash $h_1$ of $m_1$. It saves $h_1$ and compares $h_1$ with $h_1'$; if they are unequal, $m_1$ loses its value.
2. After receiving the current data, its signature and the previous record's signature, $m_2 \| n_2 \| n_1$, compute $h_2' = H(m_2)$ and $h_2 = D_{PK}(n_2)$ to obtain the first hash $h_2'$ and the second hash $h_2$ of the data $m_2$. Save $h_2$ and compare $h_2$ with $h_2'$; if they are unequal, $m_2$ loses its value. Then set $h_1'$ equal to the $h_1$ saved in the previous step, compute $h_1 = D_{PK}(n_1)$ from the received $n_1$, and compare $h_1$ with $h_1'$; if they are equal, the current record and the previous record are continuous.
3. And so on: after receiving the i-th message $m_i \| n_i \| n_{i-1}$, compute $h_i' = H(m_i)$ and $h_i = D_{PK}(n_i)$ to obtain the first hash $h_i'$ and the second hash $h_i$, and compare $h_i$ with $h_i'$; if they are unequal, $m_i$ loses its value. Then set $h_{i-1}'$ equal to the $h_{i-1}$ saved in the previous step, compute $h_{i-1} = D_{PK}(n_{i-1})$, and compare $h_{i-1}$ with $h_{i-1}'$; if they are equal, the current record and the previous record are continuous.
Three, security analysis of the embodiment
1. Data authenticity: any data was indeed produced by the target device and only by it, and this cannot be denied.
Every data record is signed with the sender's private key, and only the sender holds this private key, so the data was indeed sent by the sender and only by the sender. The sender cannot deny this, because no other party has the private key (and so no other party can produce the same signature). The authenticity of the data is thereby guaranteed.
2. Data integrity: any modification of any data record will be detected.
If the original data is modified in any way, the $h_i'$ that the recipient obtains from $h_i' = H(m_i)$ and the $h_i$ that it obtains from $h_i = D_{PK}(n_i)$ will not be equal, from which the recipient concludes that the data has been modified. Any modification is therefore detected by the recipient, and the integrity of the data is guaranteed.
3. Data continuity: any insertion or deletion of data records will be detected.
1) Non-insertability of data: any inserted data record will be shown to be invalid.
No other party has the sender's private key SK, so the offender cannot produce a digital signature that only the sender can generate, and the signature of any inserted data record cannot be verified. Any attempt to mislead law enforcement by adding data therefore cannot succeed.
2) Non-deletability of data: the deletion of any data record will be detected.
Every record carries its own signature and the signature of the record before it, so when one or more records in a continuous sequence are maliciously deleted, the recipient detects it promptly. Suppose three records $m_1$ = aaaa, $m_2$ = bbbb, $m_3$ = cccc are sent consecutively. If the 2nd record has been maliciously deleted when the recipient receives the 3rd, what the recipient observes is that $m_1$ and $m_3$ are two consecutive records. During verification, the $h_2'$ the recipient obtains is in fact the $h_1$ saved when $m_1$ was received (because the last record actually received was $m_1$), whereas $h_2$ is computed as $h_2 = D_{PK}(n_2)$ (where $n_2$ is extracted from the received $m_3 \| n_3 \| n_2$). The two are clearly unequal, so it can be determined that data was deleted between $m_3$ and $m_1$.
It follows that no insertion or deletion of data records can succeed, and the continuity of the data is guaranteed.
4. Verification
The scheme described above is given a simple test below. A signature attribute of true means that the record itself has not been modified; a continuity attribute of true means that the record is continuous with the one before it. The verifier receives 4 consecutive application logs:
1) If nothing has been modified or deleted, the verification result is as shown in Fig. 3;
All signature and continuity attributes are true: none of the data has been modified and the records are continuous.
2) When the 2nd record is modified, the verification result is as shown in Fig. 4;
The signature attribute of the 2nd data record is false, which shows that the 2nd record has been modified.
3) When the 2nd record is deleted, the verification result is as shown in Fig. 5;
The continuity attribute of the middle record received is false, which shows that it is not continuous with the record before it and that a data record between them has been deleted.
4) When the 1st record is modified and the 2nd is deleted, the verification result is as shown in Fig. 6;
The signature attribute of the 1st record received is false and the continuity attribute of the middle record is false, which shows that the 1st record has been modified and that a data record between the middle record and the 1st has been deleted.
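The storage steps of section One and the consistency check of section Two, run against the four test cases above, as an added Python example that is not code from the patent. Assumptions: SHA-256 stands in for H, textbook RSA stands in for E_SK and D_PK with a toy key constructed from two Mersenne primes so that only the standard library is needed, the names Client, Server, run and four_cases and the sample logs are constructed here, and the first record, which has no predecessor, is treated as continuous.

```python
import hashlib

# Toy RSA key built from two Mersenne primes so the example needs only the
# standard library. Constructed for illustration; never use such a key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                                # public exponent, PK = (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, SK, client only


def H(m: bytes) -> int:
    """One-way hash H(m) as an integer smaller than N (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")


def E_SK(h: int) -> int:
    """n = E_SK(h): private-key operation on the hash (textbook RSA)."""
    return pow(h, D, N)


def D_PK(n: int) -> int:
    """h = D_PK(n): recover the signed hash with the public key."""
    return pow(n, E, N)


class Client:
    """Signs each record and chains it to the previous signature."""

    def __init__(self):
        self.prev_sig = None             # the "safe area" holding n_{i-1}

    def emit(self, m: bytes):
        n_i = E_SK(H(m))
        msg = (m, n_i, self.prev_sig)    # m_i || n_i || n_{i-1}
        self.prev_sig = n_i              # n_i overwrites n_{i-1}
        return msg


class Server:
    """Checks the signature and the continuity of each received record."""

    def __init__(self):
        self.saved_h = None              # h_{i-1} saved in the previous step

    def check(self, msg):
        m, n_i, n_prev = msg
        h_i = D_PK(n_i)
        signature_ok = H(m) == h_i       # compare h_i' with h_i
        if n_prev is None:               # first record has no predecessor
            continuity_ok = self.saved_h is None
        else:                            # saved h_{i-1} vs D_PK(n_{i-1})
            continuity_ok = self.saved_h == D_PK(n_prev)
        self.saved_h = h_i               # saved even when m_i was modified
        return signature_ok, continuity_ok


def run(records, tamper=None):
    """Pass records through client and server; tamper edits the messages."""
    client, server = Client(), Server()
    msgs = [client.emit(r) for r in records]
    if tamper is not None:
        msgs = tamper(msgs)
    return [server.check(msg) for msg in msgs]


# Constructed sample input: four consecutive application logs.
LOGS = [b"log 1 aaaa", b"log 2 bbbb", b"log 3 cccc", b"log 4 dddd"]


def four_cases():
    """(signature, continuity) per received record for the four test cases."""
    forge = lambda msg: (b"forged", msg[1], msg[2])   # change m, keep n_i
    return {
        "untouched": run(LOGS),
        "2nd modified": run(LOGS, lambda ms: [ms[0], forge(ms[1])] + ms[2:]),
        "2nd deleted": run(LOGS, lambda ms: [ms[0]] + ms[2:]),
        "1st modified, 2nd deleted":
            run(LOGS, lambda ms: [forge(ms[0])] + ms[2:]),
    }


if __name__ == "__main__":
    for name, result in four_cases().items():
        print(name, result)
```

Because the server saves the hash recovered from the signature rather than the hash of the received data, a modified record fails only its own signature check and does not break the continuity of the record after it. Deleting the most recent record leaves nothing later that carries its signature, so this chain alone does not reveal a removed tail.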
Beneficial effects
Compared with the prior art, the present invention has the following beneficial effects:
Legitimacy of the forensic information. Every forensic record is signed and put through the hash iteration by a fixed algorithm, and mathematical reasoning shows that forensic information that verifies successfully is legitimate.
Security of the integrity protection process. Every record this method stores is copied into a secure buffer (rather than written to a file) at the moment it is produced, and is then signed and put through the hash iteration, which gives very high security.
Low running cost. Recording and signing are carried out in parallel by multiple threads, so processing is fast and needs little CPU and memory.
High real-time performance. The algorithm used in this method can protect the integrity of the original evidence information and transfer it securely in real time, while guaranteeing the integrity of the forensic information.

Claims (2)

1. A method for dynamically storing digital evidence based on computer forensics, in which, after the client collects forensic information, it applies a consistency encryption operation to the collected information in chronological order and stores it in serialized form, realizing dynamic storage of the forensic information, the method comprising the following steps:
Let SK be the private key of the client (the information sender) and E the encryption function. After the 1st forensic data record $m_1$ is obtained, compute its hash $h_1 = H(m_1)$, encrypt that hash with the private key, $n_1 = E_{SK}(h_1)$, to produce the signature $n_1$ of $m_1$, store $n_1$ temporarily in a safe area, and save the data and its signature as $m_1 \| n_1$ for sending back to the server;
In the same way, after the 2nd forensic data record $m_2$ is obtained, compute its hash $h_2 = H(m_2)$, encrypt that hash with the sender's private key, $n_2 = E_{SK}(h_2)$, to produce the signature $n_2$ of $m_2$, and take out the signature $n_1$ of $m_1$. Save the data $m_2$, its signature $n_2$ and the signature $n_1$ of the previous data $m_1$ as $m_2 \| n_2 \| n_1$ for sending back to the server, and overwrite the previous signature $n_1$ with the current signature $n_2$;
And so on: after the i-th data record $m_i$ is obtained, compute $h_i = H(m_i)$ and $n_i = E_{SK}(h_i)$ to produce the signature $n_i$ of $m_i$, and take out the signature $n_{i-1}$ of $m_{i-1}$. Save the data $m_i$, its signature $n_i$ and the signature $n_{i-1}$ of the previous data $m_{i-1}$ as $m_i \| n_i \| n_{i-1}$ for sending back to the server, and overwrite the signature $n_{i-1}$ of the previous data $m_{i-1}$ with the current signature $n_i$.
2. A method for verifying digital evidence based on computer forensics, in which, in a dynamic forensics system operating in client/server mode, the server performs a consistency check on the forensic information it receives, the method comprising the following steps:
Let PK be the public key of the client (the information sender), held at the server side, and D the decryption function. After the recipient receives the 1st forensic data record and its signature, $m_1 \| n_1$, it computes the first hash $h_1' = H(m_1)$ of the data and decrypts the signature $n_1$, which the sender produced with its private key, as $h_1 = D_{PK}(n_1)$ to obtain the second hash $h_1$ of $m_1$. It saves $h_1$ and compares $h_1$ with $h_1'$; if they are unequal, $m_1$ loses its value;
After receiving $m_2 \| n_2 \| n_1$, which consists of the current data $m_2$, its signature $n_2$ and the signature $n_1$ of the previous data $m_1$, compute $h_2' = H(m_2)$ and $h_2 = D_{PK}(n_2)$ to obtain the first hash $h_2'$ and the second hash $h_2$ of $m_2$. Save the second hash $h_2$ and compare the first hash $h_2'$ with the second hash $h_2$; if they are unequal, $m_2$ loses its value. Then set the first hash $h_1'$ of the first record equal to the second hash $h_1$ of $m_1$ saved in the previous step, compute $h_1 = D_{PK}(n_1)$ from the received $n_1$ to obtain the second hash $h_1$ of $m_1$, and compare $h_1$ with $h_1'$; if they are equal, the current record and the previous record are continuous;
And so on: after receiving the i-th message $m_i \| n_i \| n_{i-1}$, compute $h_i' = H(m_i)$ and $h_i = D_{PK}(n_i)$ to obtain the first hash $h_i'$ and the second hash $h_i$ of $m_i$, and compare $h_i$ with $h_i'$; if they are unequal, $m_i$ loses its value. Then set $h_{i-1}'$ equal to the $h_{i-1}$ saved in the previous step, compute $h_{i-1} = D_{PK}(n_{i-1})$, and compare $h_{i-1}$ with $h_{i-1}'$; if they are equal, the current record and the previous record are continuous.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011101445189A CN102215109A (en) 2011-08-15 2011-08-15 Method for dynamically storing and validating digital evidences based on computer forensics

Publications (1)

Publication Number Publication Date
CN102215109A (en) 2011-10-12

Family

ID=44746251

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20111012